Use the same provider for different login forms

advertisements

In the application there are 2 login forms, one for clients and one for administrators.

The two forms use the same provider:

 security:
     providers:
        form_login:
            entity: { class: FMP\SecurityBundle\Entity\User, property: username }

 firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    app_secured_area:
        pattern: ^/
        anonymous: ~
        form_login:
            provider: form_login
            login_path: security_app_login
            check_path: security_app_login_check
            default_target_path: /
        logout:
            path: security_logout
            target: security_app_login

    admin_secured_area:
          pattern: ^/admin
          anonymous: ~
          form_login:
              provider: form_login
              login_path: security_admin_login
              check_path: security_admin_login_check
              default_target_path: /admin/
          logout:
              path: security_logout
              target: security_admin_login

    default:
        anonymous: ~
        http_basic: ~

DefaultController.php:

class DefaultController extends Controller
{
    /**
     * @Route("/login", name="security_app_login")
     * @param Request $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
     public function appLoginAction(Request $request)
     {
        return $this->loginAction($request, 'FMPSecurityBundle:Default:app_login.html.twig');
     }

     /**
      * @Route("/admin/login", name="security_admin_login")
      * @param Request $request
      * @return \Symfony\Component\HttpFoundation\Response
      */
      public function adminLoginAction(Request $request)
      {
           return $this->loginAction($request, 'FMPSecurityBundle:Default:admin_login.html.twig');
      }

      public function loginAction(Request $request, $template)
      {
          $session = $request->getSession();

          if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
              $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
          } else {
               $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
          }

          return $this->render($template, array(
              'last_username' => $session->get(SecurityContext::LAST_USERNAME),
              'error'         => $error,
          ));
      }

      /**
       * @Route("/login_check", name="security_app_login_check")
       */
      public function loginCheckAppAction()
      {
          //
      }

      /**
       * @Route("/admin/login_check", name="security_admin_login_check")
       */
      public function loginCheckAdminAction()
      {
          //
      }   

      /**
       * @Route("/logout", name="security_logout")
       */
      public function logoutAction()
      {
          //
      }
}

When I access the route /admin/login and log me in, the following error is returned:

The controller must return a response (null given). Did you forget to add a return statement somewhere in your controller?

What is wrong? You can not use the same provider for different forms?


Try to swap you firewall configurations.

admin_secured_area:
      pattern: ^/admin
      anonymous: ~
      form_login:
          provider: form_login
          login_path: security_admin_login
          check_path: security_admin_login_check
          default_target_path: /admin/
      logout:
          path: security_logout
          target: security_admin_login

app_secured_area:
    pattern: ^/
    anonymous: ~
    form_login:
        provider: form_login
        login_path: security_app_login
        check_path: security_app_login_check
        default_target_path: /
    logout:
        path: security_logout
        target: security_app_login

In you configuration, always fires app_secured_area and never admin_secured_area